[lxc-devel] [PATCH 1/3] lxc-shutdown: switch from script to program using api.

Serge Hallyn serge.hallyn at ubuntu.com
Mon May 20 14:04:27 UTC 2013


Quoting Christian Seiler (christian at iwakd.de):
> Hi there,
> 
> > So my suggestion is basically to:
> >  - Kill lxc-shutdown
> >  - Change lxc-stop so that:
> >    * Default behaviour is to call shutdown(), wait 15s for STOPPED, if
> > not STOPPED, print a message to the user and call stop()
> >    * We have a -r option to reboot the container (with proper check that
> > the container indeed rebooted within the next 15s)
> >    * We have a -s option to shutdown the container without the automatic
> > fallback to stop()
> >    * Add a -k option allowing a user to just kill a container
> > (equivalent to old lxc-stop, no shutdown() call and no delay).
> > 
> > We'd therefore end up with a single binary which does shutdown, stop and
> > reboot, properly checks that the actions are carried out and supports
> > timing out and fallback to kill.
> 
> I would like to add that there currently is a setting lxc.stopsignal,
> which overrides 0.9's lxc-stop, but not lxc-shutdown.
> A few ideas on how to handle this:
> 
>  - Create 2 new signals,
>      lxc.signal.halt    (halt container, default: see below)
>      lxc.signal.reboot  (reboot container, default: SIGINT)
>      lxc.signal.kill    (kill container, default: SIGKILL)
>  - deprecate lxc.signal.stop (i.e. issue warning if it's used) but
>    make it an initial alias for lxc.signal.halt
>  - default for lxc.signal.halt:
>      - container started by lxc-start: SIGPWR
>         (templates should probably adjust that if necessary)
>      - container started by lxc-execute: SIGTERM
> 
> > The 15s timeout would be over-ridable through -t, 15s is a guess as to
> > how long users would be ready to wait for a container to die assuming
> > some complex processes (database and similar) need enough time to sync
> > their data and exit.
> 
> In my experience, containers running sysvinit usually take ~10s to shut
> down if next to nothing is running inside them (at the very end they
> wait 5s each to send SIGTERM and SIGKILL respectively to all of the
> processes), so I would rather be a bit more conservative and make the
> default 30s or even 60s instead of 15s. Containers with upstart or
> systemd as init system shut down faster, so there it's not quite as
> relevant.
> 
> It also would be nice to be able to override the default via
> configuration file, i.e. lxc.timeout.shutdown = 120s. The precedence
> rule would be: lxc default (30s) overridden by config file overridden by
> command line option. That way, one doesn't always need to specify the
> timeout for a container that one knows to shut down much slower (due to
> a running database or such) and can just do lxc-stop -n foo without
> having to think too much.
> 
> > Does that sound reasonable to everyone?
> 
> Apart from the comments above: Yes, absolutely.

Ok, I've got no objection to this, but if I decide to do this before
resending the patch I won't get around to it for quite some time.  I'll
push a github tree with a simpler consolidated patch, and if you have
time to implement the above in a branch based on what I push, please
let me know.

thanks,
-serge
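
The timeout precedence and shutdown-then-kill fallback discussed in this thread, as an added example that is not part of the original message or of LXC itself. The lxc.timeout.shutdown key is only the proposal quoted above, and the three hook arguments (commands that request shutdown, report state, and kill) are hypothetical stand-ins for the real container calls.

```shell
#!/bin/sh
# Added illustration. lxc.timeout.shutdown is the key proposed in the thread,
# not an existing LXC setting; the hook arguments are hypothetical.
DEFAULT_TIMEOUT=30   # the "lxc default (30s)" suggested in the thread

# effective_timeout CONFIG_FILE [CLI_VALUE]
# Precedence: built-in default < config file < command line option.
effective_timeout() {
    cfg=$1; cli=$2; t=$DEFAULT_TIMEOUT
    if [ -r "$cfg" ]; then
        # Last assignment in the file wins; accepts "120" or "120s".
        v=$(sed -n 's/^[[:space:]]*lxc\.timeout\.shutdown[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)s\{0,1\}[[:space:]]*$/\1/p' "$cfg" | tail -n 1)
        if [ -n "$v" ]; then t=$v; fi
    fi
    case $cli in
        ''|*[!0-9]*) ;;   # absent or non-numeric: keep the value so far
        *) t=$cli ;;
    esac
    echo "$t"
}

# graceful_stop TIMEOUT REQUEST_CMD STATE_CMD KILL_CMD
# Returns 0 on clean shutdown, 1 after falling back to kill, 2 if the
# shutdown request itself failed.
graceful_stop() {
    timeout=$1; request=$2; state=$3; kill_cmd=$4
    $request || return 2
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ "$($state)" = STOPPED ]; then return 0; fi
        sleep 1
        waited=$((waited + 1))
    done
    if [ "$($state)" = STOPPED ]; then return 0; fi
    echo "no clean shutdown after ${timeout}s, killing container" >&2
    $kill_cmd
    return 1
}
```

Distinguishing return codes 0 and 1 lets a caller log when a container had to be killed, which is the case where data inside it may not have been synced.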
